[oe] [meta-initramfs][PATCH v2] klibc: fix build on i386 with GCC and security flags enabled

Hongxu Jia hongxu.jia at windriver.com
Sat Sep 15 08:14:46 UTC 2018


On 2018-09-15 02:02, Andrea Adami wrote:
> ld fails if distro's security-flags are enabled:
> Inject the SECURITY_XFLAGS if security_flags.inc was included.
>
> Fix on i386: ld: discarded output section: `.got.plt'
>
> Signed-off-by: Andrea Adami <andrea.adami at gmail.com>
> ---
>   meta-initramfs/recipes-devtools/klibc/klibc.inc | 6 +++---
>   1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/meta-initramfs/recipes-devtools/klibc/klibc.inc b/meta-initramfs/recipes-devtools/klibc/klibc.inc
> index 3d25e96..837b026 100644
> --- a/meta-initramfs/recipes-devtools/klibc/klibc.inc
> +++ b/meta-initramfs/recipes-devtools/klibc/klibc.inc
> @@ -47,7 +47,8 @@ EXTRA_OEMAKE = "'KLIBCARCH=${KLIBC_ARCH}' \
>                   'KLIBCOPTFLAGS=${TUNE_CCARGS}' \
>                    V=1 \
>                   "
> -EXTRA_OEMAKE += 'EXTRA_KLIBCAFLAGS="-Wa,--noexecstack" EXTRA_KLIBCLDFLAGS="-z noexecstack"'
> +EXTRA_OEMAKE += "'EXTRA_KLIBCAFLAGS=${SECURITY_CFLAGS} -Wa,--noexecstack' \
> +                 'EXTRA_KLIBCLDFLAGS=${SECURITY_LDFLAGS} -z noexecstack'"
>   
Is it necessary to pass SECURITY_XFLAGS directly? When security_flags.inc is included,
CC will contain SECURITY_CFLAGS and LDFLAGS will contain SECURITY_LDFLAGS.
Maybe you should make sure to pass LDFLAGS to EXTRA_KLIBCLDFLAGS to avoid
the ldflags QA warning.

[security_flags.inc]
TARGET_CC_ARCH_append_class-target = " ${SECURITY_CFLAGS}"
TARGET_LDFLAGS_append_class-target = " ${SECURITY_LDFLAGS}"
[security_flags.inc]

>   export FIX_ARMV4_EABI_BX = "${FIX_V4BX}"
>   KLIBCTHUMB = "${@['CONFIG_KLIBC_THUMB=n', 'CONFIG_KLIBC_THUMB=y'][(d.getVar('ARM_INSTRUCTION_SET') == 'thumb')]}"
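
Review bot: On the new EXTRA_KLIBCAFLAGS line, ${SECURITY_CFLAGS} (C compiler hardening flags) goes into a variable whose name and existing -Wa,--noexecstack value suggest assembler flags, and the commit message does not say which flag resolves the `.got.plt` discard on i386. Please state, in the commit message or in a comment above the assignment, why the flags must be injected through EXTRA_KLIBCAFLAGS and EXTRA_KLIBCLDFLAGS, and note that the expanded value now depends on the distro's SECURITY_CFLAGS, since the recipe-level override is dropped later in this patch.
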
> @@ -74,5 +75,4 @@ KLIBC_ARCH_powerpc = "ppc"
>   KLIBC_ARCH_powerpc64 = "ppc64"
>   THIS_LIBKLIBC = "libklibc (= ${PV}-${PR})"
>   
> -SECURITY_CFLAGS = "-fno-PIE -no-pie"
> -SECURITY_LDFLAGS = "-no-pie"
> +SECURITY_LDFLAGS = "${@'-z relro -z now -pie' if '${GCCPIE}' else ''}"
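
Review bot: The new SECURITY_LDFLAGS line makes "-z relro -z now" conditional on GCCPIE, although RELRO and immediate binding do not depend on PIE, so with GCCPIE empty SECURITY_LDFLAGS expands to nothing and both are lost. The plain `=` also replaces whatever the distro put in SECURITY_LDFLAGS, and removing SECURITY_CFLAGS = "-fno-PIE -no-pie" moves the recipe from explicitly non-PIE to the distro default without the commit message mentioning it. Consider making only -pie conditional and documenting the PIE change.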

For the same reason, it is not necessary to test GCCPIE,
and is it missing "-Wl,"? How about directly setting SECURITY_STACK_PROTECTOR = ""?


//Hongxu



